AWS cli documentation change
Summary
Added documentation for BlockedEncryptionTypes feature and updated encryption configuration details
Security assessment
Introduces documentation for blocking specific encryption types (SSE-C), which is a security control feature. While it enhances security documentation, there's no evidence of addressing an existing vulnerability.
Diff
diff --git a/cli/latest/reference/s3api/get-bucket-encryption.md b/cli/latest/reference/s3api/get-bucket-encryption.md index 6a9d58d15..fa822711e 100644 --- a//cli/latest/reference/s3api/get-bucket-encryption.md +++ b//cli/latest/reference/s3api/get-bucket-encryption.md @@ -15 +15 @@ - * [AWS CLI 2.31.39 Command Reference](../../index.html) » + * [AWS CLI 2.32.3 Command Reference](../../index.html) » @@ -60 +60 @@ First time using the AWS CLI? See the [User Guide](https://docs.aws.amazon.com/c -Returns the default encryption configuration for an Amazon S3 bucket. By default, all buckets have a default encryption configuration that uses server-side encryption with Amazon S3 managed keys (SSE-S3). +Returns the default encryption configuration for an Amazon S3 bucket. By default, all buckets have a default encryption configuration that uses server-side encryption with Amazon S3 managed keys (SSE-S3). This operation also returns the [BucketKeyEnabled](https://docs.aws.amazon.com/AmazonS3/latest/API/API_BucketKeyEnabled.html) and [BlockedEncryptionTypes](https://docs.aws.amazon.com/AmazonS3/latest/API/API_BlockedEncryptionTypes.html) statuses. @@ -64 +64 @@ Returns the default encryption configuration for an Amazon S3 bucket. By default - * **General purpose buckets** \- For information about the bucket default encryption feature, see [Amazon S3 Bucket Default Encryption](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html) in the _Amazon S3 User Guide_ . + * **General purpose buckets** \- For information about the bucket default encryption feature, see [Amazon S3 Bucket Default Encryption](https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucket-encryption.html) in the _Amazon S3 User Guide_ . @@ -352,0 +353,25 @@ ServerSideEncryptionConfiguration -> (structure) +>>> +>>> BlockedEncryptionTypes -> (structure) +>>> +>>>> A bucket-level setting for Amazon S3 general purpose buckets used to prevent the upload of new objects encrypted with the specified server-side encryption type. For example, blocking an encryption type will block `PutObject` , `CopyObject` , `PostObject` , multipart upload, and replication requests to the bucket for objects with the specified encryption type. However, you can continue to read and list any pre-existing objects already encrypted with the specified encryption type. For more information, see [Blocking an encryption type for a general purpose bucket](https://docs.aws.amazon.com/AmazonS3/userguide/block-encryption-type.html) . +>>>> +>>>> ### Note +>>>> +>>>> Currently, this parameter only supports blocking or unblocking Server Side Encryption with Customer Provided Keys (SSE-C). For more information about SSE-C, see [Using server-side encryption with customer-provided keys (SSE-C)](https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerSideEncryptionCustomerKeys.html) . +>>>> +>>>> EncryptionType -> (list) +>>>> +>>>>> The object encryption type that you want to block or unblock for an Amazon S3 general purpose bucket. +>>>>> +>>>>> ### Note +>>>>> +>>>>> Currently, this parameter only supports blocking or unblocking server side encryption with customer-provided keys (SSE-C). For more information about SSE-C, see [Using server-side encryption with customer-provided keys (SSE-C)](https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerSideEncryptionCustomerKeys.html) . +>>>>> +>>>>> (string) +>>>>> +>>>>>> Possible values: +>>>>>> +>>>>>> * `NONE` +>>>>>> * `SSE-C` +>>>>>> + @@ -364 +389 @@ ServerSideEncryptionConfiguration -> (structure) - * [AWS CLI 2.31.39 Command Reference](../../index.html) » + * [AWS CLI 2.32.3 Command Reference](../../index.html) »